<?php

class DefaultController extends Controller
{
	public $layout='column1';
	
	/**
	 * @return array action filters
	 */
	public function filters()
	{
		return array(
			'accessControl', // perform access control for CRUD operations
		);
	}
	
	public function allowModeratorOnly(CWebUser $user, CAccessRule $rule)
	{
		/**
		* @var CWebUser
		*/
		$user = Yii::app()->hqUser;
		
		if ($user->isGuest) return !$rule->allow;
		$x = OpenIdUser::model()->findByAttributes(array('email'=>$user->email));
		
		$allow = !is_null($x) && in_array('MODERATOR', $x->roles);
		
		if ($allow) return $rule->allow;
		else return !$rule->allow;
	}
	
	public function accessDenied($user, $rule)
	{
		$user = Yii::app()->hqUser; 
		if($user->getIsGuest())
			$user->loginRequired();
		else
			throw new CHttpException(403,empty($rule->message)?'Truy cập bị từ chối':$rule->message);
	}

	/**
	 * Specifies the access control rules.
	 * This method is used by the 'accessControl' filter.
	 * @return array access control rules
	 */
	public function accessRules()
	{
		return array(
			array('allow',  // allow MODERATOR only
				'actions'=>array(),
				'expression'=>array($this, 'allowModeratorOnly'),
			),
			array('deny',  // deny all users
				'expression'=>array($this, 'accessDenied'),
			),
		);
	}
	
	public function actionIndex()
	{
		$this->render('index');
	}
}